Protect your privacy when torrenting

I recently received a Notice of claimed copyright infringement from my Internet Service Provider, TekSavvy.

I’m not worried about this alleged breach of the law, but it still prompted me to up my torrent privacy game. After all, I don’t want my ISP to be involved in all the weird stuff I’m doing on the internet.

I did a bit of research, mainly around VPN splitting, but I’m getting ahead of myself. Here is a guide explaining how I actually torrent now:

Requirement: BitTorrent and VPN software

I’ll assume you already have qBittorrent and OpenVPN installed.

If not, I highly encourage you to install those through Chocolatey. It’s a package manager for Windows that provides the following advantages over installing stuff “the old way”:

  • Automatically selects the right binary (no more guessing the right download button)
  • Installs fast and silently (no wizard, next, next, next, next…)
  • Installs that package adware are prohibited
  • Updates software easily (just type choco upgrade all)
  • Feels like 2015, on par with linux that had this for the last decade

Choosing a VPN Provider

A Virtual Private Network is essentially an encrypted tunnel through which you can access network resources on the other side. VPNs are primarly used by people working from home that need access to internal company resources. In our case, a VPN will be used as a gateway to the Internet, so people on the other side looking at your connection will see your VPN gateway’s IP address instead of the one provided by your ISP.

A lot of companies are offering such a service but not all VPNs are created equal. TorrentFreak has a nice list of VPN providers that take privacy seriously.

I like Private Internet Access, because they’re cheap (40$ / year) and they’ve been there for some time. I’ve been using them for the last 3 years.

However, I wouldn’t recommend using Private Internet Access in a hostile environment as their security configuration is a bit lacking (no certificate authentication, weak encryption). For such networks, I use PrivateTunnel (disclosure: get +200 MB on signup with my referal link) which have stronger security and have a different pricing scheme: they bill by usage (in GB) instead of time (monthly, yearly). Ideal when you’re doing light usage in public places or security conferences.

The following assumes the use of the Private Internet Access VPN so it might be a bit different if you choose another provider. In either case, don’t install their bundled client software, we’ll use OpenVPN instead.

Setting up Private Internet Access on Windows

  1. First step is to download the OpenVPN configuration files
  2. Extract the contents of the zip file to OpenVPN’s config directory (usually C:\Program Files\OpenVPN\config)

Optional: Skip username/password prompt

Private Internet Access use password authentication with their VPN. As such, you’ll be prompted to enter your username/password each time you connect. You can avoid this prompt by creating a new file in that directory called auth.txt with your username in the first line and password in the second line, like this:

p5235234           <-- username
oMZ1dXD-$9mB1zsN   <-- password

Next, update the .ovpn file of your choice (or all of them) by adding the following line:

auth-user-pass auth.txt

This will tell your OpenVPN client to use the username and password contained in the auth.txt file that you just created.

Optional: VPN Splitting

By default, the VPN providers will set the redirect-gateway option, meaning that all your internet traffic will go through the VPN.

There are some important reasons why you might not want to do that:

  1. It cuts you off from your local network. You’ll lose access to your local server, printer, chromecast…
  2. It introduces latency and network overhead. Everything will be a tiny bit slower. Say goodbye to online gaming.
  3. It might block you from online services. Some services (espicially media streaming like Netflix) are blocking known VPN gateways.

Those are deal-breakers for me. Fortunately, there is a way to split the traffic into 2 streams: your regular traffic and your torrent one.

You’ll have to edit your .ovpn file(s) to add the following lines:

route 0.0.0.0 192.0.0.0 net_gateway
route 64.0.0.0 192.0.0.0 net_gateway
route 128.0.0.0 192.0.0.0 net_gateway
route 192.0.0.0 192.0.0.0 net_gateway

This will tell Windows to avoid using the VPN interface to reach the Internet.

For the next step, you’ll have to know the name of the OpenVPN adapter on your machine.
Go to your “Network and Sharing Center” and look for the TAP-Windows Adapter V9 interface. Default name is “Ethernet” but mine is is called “OpenVPN #1”.

Back to qBittorrent, in the advanced options, select your VPN network interface.

This will effectively “bind” qBittorrent to a specific network interface, telling the app to only use that particular one (and its IP address).

Launching OpenVPN

Last step is to launch OpenVPN GUI and establish a connection to your provider. You’ll need to do that as an administrator. Rest easy knowing that no torrent traffic will be sent from your public IP. What a great time to make use of the excellent qBittorrent built-in torrent search!

Conclusion

With this setup, I shouldn’t receive any more of those “Notice of claimed copyright infringement”. Hopefully this has been of some help to you. Now excuse me while I get back to download completely legitimate torrents.

March 31 is World Backup Day

March 31st is World Backup Day, an idea that spawned from this Reddit thread 3 years ago. There’s no shortage of reasons why it’s important to backup your digital data and I feel most people already know that by now.

However, most people are also doing it wrong:

  • Backing up your PC to a hard drive in the same PC is #notabackup
  • Backing up to a hard drive that is 30 cm away from your computer is #notabackup
  • The photos that are still in your phone is #notabackup
  • Putting your stuff systematically in Dropbox is #notabackup

The backup 3-2-1 rule is regarded as a rule of thumb and best practice:

  • 3 copies of anything you care about – Two isn’t enough if it’s important.
  • 2 different formats – Combination of Dropbox / DVDs / Hard Drive / Memory Stick / CrashPlan
  • 1 off-site backup – If the house burns down, how will you get your memories back?

Protect your legacy and backup your digital valuables properly.

Backup strategies

Windows 8 File History

This is by far the easiest way to have continuous backups of your personal files with Windows 8. You can even set your destination to a remote location on the network.

For more information on how to activate it, I highly recommend Scott Hanselman’s blog

Windows 8 System Image Backup

I like to have a full system image of machines I really care about such as my own PC. It would take weeks to fully restore all my software in the case of a system crash. That’s why I create this full system image weekly. With that, I can go from total crash to full restore in just a few hours.

It’s almost hidden, but Windows 8 has a built-in System Image backup tool. Even better: there is a command-line version of this tool that can be used with scheduled tasks.

[code]wbadmin start backup -backuptarget:\spockbackups -include:C:[/code]

Windows 8 Storage Spaces

The natural evolution of Drive Extender, a feature I know quite well from the good Windows Home Server days. Windows 8 Storage Spaces improves upon the original idea of software raid. You allocate physical drives as part of your “storage pool” and create “storage spaces” (buckets) that can have different raid-like configuration.

Here’s an example on how I do it with 8 physical drives

  • Multimedia: Parity
  • Backup: Simple (no resiliency)
  • Documents: Two-way mirror
  • Photos: Three-way mirror

This is not a proper backup per se, but data redundancy makes recovery quick and easy in case of a hard drive failure (which happens more than you’d like).

Acronis True Image

Acronis True Image is a commercial software that specializes in full system image. It features multiple backup schemes (full, incremental, differential), “encryption” and a wide range of other things.

I used True Image for two years, and while I find that is a rich and powerful backup suite, the consolidation algorithm is very poor. Unusable, even. You’ve been warned.

Cloud storage (Dropbox / Google Drive)

Most people won’t be able to fit all their pictures in 2 GB, which is what most cloud providers are offering in their free tier.

However, Google recently announced a substantial price cut for their Google Drive service. 2$ / month will get you 100 GB of storage, more than enough for most people willing to have an off-site backup.

CrashPlan

For about 5$ / month, CrashPlan offers unlimited online storage for 1 PC. Yeah, your red that right: unlimited online storage! That means that if I can have a single location for ALL my backups and push them to CrashPlan Central from there, it will count as a single PC… brilliant!

This works perfect for work laptops that are not always connected to my home network. They will remotely sync with my home server at night between 2am and 8am, while the Internet usage does not count towards my monthly limit. (Thanks, TekSavvy!). This is also during that time that I upload the backups to CrashPlan Central.

To this date, they don’t seem to mind the 2 TB of data I’ve uploaded over the last 2 years.

Going further

Encryption

What if your hard drives are stolen? You might think your personal data is of no interest but believe me, it is. Your backups should be encrypted.

SpiderOak, Acronis True Image and  CrashPlan all have some kind of encryption capabilities in their offering. However, when it comes to encryption, I only trust software that is open source. Which is why I highly recommend the use of TrueCrypt, a long time favourite in data privacy circles. (TrueCrypt has been discontinued. Use VeraCrypt for now)

Backup cloud services

You should not trust the cloud. I would be sad if I lost all those years of email. Tools like Gmvault can help creating local copies of your Gmail account.

Email is just an example; backup your data that’s only in the cloud.

Remember when Megaupload was one of the biggest cloud storage providers? They were raided and went out of business overnight.

Practice restoration

Backups always succeed. It’s restores that fail. Make sure you’ve tested your restore procedure. How do you test that procedure? Restore to a virtual machine! Visualization software like VirtualBox can help you in that regard.

My own solution

What Source Destination Scheduling Technology
Full system image Simon-PC On-premise home server Weekly Windows 8 System Image Backup
File-level backup Personal PCs On-premise home server Continuous Windows 8 File History
File-level backup Work PCs Home server Nightly CrashPlan
Off-site backup Home server CrashPlan Central Nightly CrashPlan

In my case, my home server is a big part of the puzzle. All the data is in one physical place for on-premise restoration of files and system image, protected from (1-2 simultaneous) hard drive failure thanks to Windows 8 Storage Spaces. Combined with CrashPlan for local/remote backups and off-site backups to the cloud, this is a true backup solution.

Happy World Backup Day! What’s your backup strategy?

Emergency Inbound Calls With Android

Calls from my significant other can range from “Just wanted to tell that I love you” (ain’t she sweet) to “THE CAR DOSEN’T START WHAT DO I DO!?!“.

I’m worried about missing a phone call from her. It could be an emergency. I could be in a meeting. My phone could be on mute. I could not be in the vicinity of my phone.

We agreed on the following: “If you call me twice in a row, I will always pickup your second call.” However, this assumes that I even hear the first call, which might not be the case depending on the above.

Solution

The awesome Tasker app is widely regarded as the best tool to automate such scenarios on Android devices. I used it to create the following project:

  • You can select multiple “VIP numbers”. Those VIPs will be allowed to trigger the emergency ring.
  • If a VIP calls twice in a certain amount of time (60 seconds by default) after the first call is missed, the phone will ring a different sound at maximum volume regardless of its silent state.
  • If you miss the second call, the phone will continue ringing until you call back or dismiss the emergency.

Here is exactly what it does:

Requires a flowchart to understand what it does.

Installation

  1. Download emergency-ring.mp3 (or rename your own) and put it in your root directory. I like this one because of its screeching sound.
  2. Download VIP.prj.xml on your phone and import it in Tasker
  3. Change the variables to your liking:
    • %TIMEWINDOW: the amount of seconds to listen for a second call (I suggest 60 seconds)
    • %VIP: Phone numbers of the people that are allowed to trigger the emergency ring (separate with “/”)

Conclusion

This is what I love about Android. There’s always a way to tailor it and make it yours. 

Moreover, it’s on Github so fell free to fork this gist. This will hopefully be of use for some of you.

Comments and pull requests welcome.